Beware of Fraudsters!

  • Smart Tips Against Phishing SMS and Emails
    FIND OUT MORE

    In accordance with the HKMA’s supervisory requirements, banks will not send SMS or email messages with embedded hyperlinks directing customers to their websites or mobile applications to carry out transactions. Nor will they ask customers to provide sensitive personal information, including login passwords and OTPs, via hyperlinks.

    If you receive SMS or email messages with embedded hyperlinks requesting you to input internet banking login credentials, these messages should not originate from banks. You should think twice before clicking any hyperlinks purportedly sent by banks. If you find the hyperlinks (or attachments) in the SMS or email messages suspicious, do not click the hyperlinks (or open the attachments). You should always access Internet banking by entering the bank’s website address directly, or using a bookmark or an Internet banking mobile application (app).

    In case of any queries, bank customers can contact the relevant bank to verify the SMS or email authenticity via other channels (e.g. bank’s customer service hotline).

    Internet banking login credentials, including usernames, login passwords and one-time passwords (OTPs), are as important in the digital world as the keys to their houses are in the physical one, and should be properly safeguarded.

    The list below covers press releases for alerting the public on phishing SMS and email messages that have been issued by the HKMA.

     

    Press Release(s)

    6 July 2021

    HKMA and HKAB Raise Public Awareness of Phishing Attacks

    5 March 2021

    The HKMA alerts the public to phishing scams via hyperlinks embedded in SMS or emails

  • Smart Tips Against Credit Card Scams
    FIND OUT MORE

    There are credit card scams happening from time to time, with evolving modus operandi and different deceptive tactics used by fraudsters.  Remember to stay vigilant and safeguard your card information to avoid falling prey to credit card scams.  As a smart credit card user, you should pay attention to the following tips:

    • Take due care and precautions in safeguarding your credit cards, card data and relevant authentication factors (e.g. one-time password, mobile device, etc.).
    • Do not disclose to third parties your credit card information, including card number, expiration date, security code (usually printed on the back of the card next to the signature box) and one-time password.
    • Verify the genuineness of merchants and websites (e.g. enquire the risk levels / alerts through “Scameter” of the Hong Kong Police Force) before providing personal and credit card information to authorise transactions, and stay vigilant to any suspicious calls, SMS or emails (e.g. phishing messages are often purported to be sent by reliable companies, merchants or banks with very similar text and brand logos, and often embed with hyperlinks to bogus websites luring cardholders to provide credit card and sensitive personal information).
    • Check the details of the SMS one-time password carefully, including the relevant transaction information (including type of transaction, name of merchant, transaction amount and currency, etc.), and be cautious of using AutoFill feature of smartphone.  Never input the one-time password and proceed with the transaction without verifying the transaction details in the SMS.  Once the card information (including the one-time password) is inputted, the transaction may not be cancelled and the customer may be liable for the transaction.
    • After you have bound a credit card to a contactless mobile payment service (e.g. Apple Pay, Google Pay), the bank will send a binding notification to the mobile number you have registered with the bank, specifying the contactless mobile payment service to which the credit card has been bound.  You should check the notification and notify the card issuing bank immediately in case you have not given such binding instruction.   Once the binding is made successfully, one-time passwords may not be needed for the subsequent transactions.
    • Always pay attention to communication messages (such as e-mails, SMS, etc.) sent from banks.  Check credit card transaction records from time to time and verify your monthly statements.  Report to your card issuing bank immediately if there are any suspicious or unauthorised transactions identified, regardless of the amount involved.
    • Report to your card issuing bank and the Police immediately if you lose your credit card, suspect your card or card information has been stolen, or suspect your card has been bound to a suspicious mobile device.

    If you do not use or safeguard your credit cards and card information properly, fraudsters may exploit such opportunity to commit frauds (e.g. steal your cards to conduct unauthorised credit card transactions), causing financial losses to you.  In short, remember to safeguard your card and card information to avoid falling prey to credit card scams.

     

    Press Release(s)

    29 June 2023

    Anti-Scam Consumer Protection Charter